
Pests of all kinds and how to fight them: Trojan horse "TR/Dldr.Baido"


15.09.2006, 07:31   #1
anhanna

Hello forum!
First of all, I know absolutely nothing about viruses, trojans and the like.
I'm currently working in a small office in Beijing, and according to AntiVir I have the Trojan horse "TR/Dldr.Baido" on my computer. The files AntiVir names as the source are in C:\WINDOWS\system32 and are called cns.dll, cns.exe, cns.dat.
AntiVir does delete the files, but the next time the system32 folder is opened they are right back and are detected as viruses again.
I then googled it; apparently it has something to do with a "3721 Assistant Program" from Yahoo that converts Latin letters into Chinese characters, but I couldn't make sense of all the computer jargon.
I tried to follow various removal guides I found online, but without success.
Maybe someone has already encountered this trojan and had more luck..???
I'd be very grateful for any help...
Hanna

15.09.2006, 08:09   #2
BataAlexander

Hello,

commercially used PCs get no support here; please contact the admin(s) here.

Regards

Schrulli

15.09.2006, 08:16   #3
anhanna

Hello,
I picked up the virus on my own laptop while I was using the internet access there. I thought it was relevant that my computer got infected in China..

15.09.2006, 08:21   #4
BataAlexander

Hello,

I hadn't understood it that way, couldn't read that from your post.
Install CounterSpy as described here and then post the log, together with a HijackThis log, instructions here.

Regards

Schrulli
__________________
If every computer is running a diverse ecosystem, crackers will have
no choice but to resort to small-scale, targeted attacks, and the
days of mass-market malware will be over
[...].
Stuart Udall

18.09.2006, 01:49   #5
anhanna

hello schrulli, thanks for the help..

but the counterspy log is apparently too long

Spyware Scan Details
Start Date: 9/15/2006 3:54:30 PM
End Date: 9/15/2006 4:34:12 PM
Total Time: 39 mins 42 secs

Detected spyware

3721 Chinese Keywords (CNSMin) Browser Plug-in more information...
Details: 3721 Chinese Keywords, also known as CNSMin or Adware.CDN, is keyword-lookup provider that takes over the search feature of IE's address bar. It is aimed at providing keywords using Chinese characters.
Status: Ignored

Infected files detected
c:\WINDOWS\Downloaded Program Files\CnsMin.dll
c:\WINDOWS\Downloaded Program Files\CnsMinIO.dll
c:\WINDOWS\Downloaded Program Files\cnsio.dll
c:\WINDOWS\Downloaded Program Files\CnsHook.dll
c:\windows\system32\cns.dll
c:\windows\system32\cns.exe
c:\windows\system32\drivers\cnsminkp.sys
c:\windows\downloaded program files\keepmain.dll
c:\windows\downloaded program files\sms.ico
c:\windows\downloaded program files\taobao.ico
c:\windows\system32\cns.dat
C:\WINDOWS\Downloaded Program Files\zsmod.dll
C:\Documents and Settings\Microsoft\Local Settings\Temporary Internet Files\Content.IE5\AJ2K4QH2\CnsMinUpM[1].cab
C:\Documents and Settings\Microsoft\Local Settings\Temporary Internet Files\Content.IE5\AJ2K4QH2\CnsMinExM[1].cab
C:\Documents and Settings\Microsoft\Local Settings\Temporary Internet Files\Content.IE5\8L6BOXMV\cnsdtu[1].cab
C:\System Volume Information\_restore{6675A66F-0537-4D22-BC25-47AC5050B295}\RP554\A0132505.dll
C:\System Volume Information\_restore{6675A66F-0537-4D22-BC25-47AC5050B295}\RP554\A0132507.dll
C:\System Volume Information\_restore{6675A66F-0537-4D22-BC25-47AC5050B295}\RP554\A0132510.dll
C:\System Volume Information\_restore{6675A66F-0537-4D22-BC25-47AC5050B295}\RP554\A0132511.dll
C:\System Volume Information\_restore{6675A66F-0537-4D22-BC25-47AC5050B295}\RP554\A0132512.dll
C:\System Volume Information\_restore{6675A66F-0537-4D22-BC25-47AC5050B295}\RP554\A0132516.dll

Infected registry entries detected


EGroup Sex Dialer Porn Dialer more information...
Details: EGroup Sex Dialer is a program that changes your modem's dial-up settings and attempts to connect to a premium or international phone number to access adult material.
Status: Ignored

Infected files detected
c:\program files\instant access\multi\exe\20050801120856\common\show_module.php
c:\program files\instant access\multi\exe\20050801120856\img\dialer.ico
c:\program files\instant access\multi\exe\20050801120856\dialerexe.ini
c:\program files\instant access\desktopicons\hotel heiress.lnk
c:\program files\instant access\center\hotel heiress.lnk

Infected registry entries detected
HKEY_CURRENT_USER\software\egdhtml
HKEY_CURRENT_USER\software\egdhtml ExeStartFile C:\Program Files\Instant Access\Multi\Exe\20050801120856\Common\show_module.php


Claria.GAIN.CommonElements Adware (General) more information...
Details: Claria's GAIN network consists of several applications inlcuding Gator eWallet, GotSmiley, ScreenSeenes, WebSecureAlert, DashBar, Weatherscope, Date Manager and Precision Time.
Status: Ignored


18.09.2006, 01:50   #6
anhanna

continuation of the counterspy log:


Infected registry entries detected


EGroup.InstantAccess Porn Dialer more information...
Details: InstantAccess is a dialer that gives a user access to premium services of a third-party Web site, by dialing a high cost numbers using a modem.
Status: Ignored

Infected files detected
c:\program files\instant access\center\hotel heiress.lnk


WhenU.Save Adware (General) more information...
Details: WhenU.SaveNow is an adware application that displays pop-up advertising on the desktop in response to users' web browsing.
Status: Ignored

Infected files detected
c:\program files\common files\whenu\ucontrolscanandremove.ocx

Infected registry entries detected
HKEY_CLASSES_ROOT\wusn.1
HKEY_CLASSES_ROOT\wusn.1 WUSN_Id
HKEY_CLASSES_ROOT\wuse.1
HKEY_CLASSES_ROOT\wuse.1 WUSE_Id
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WhenUSaveMsg
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WhenUSaveMsg SlowInfoCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WhenUSaveMsg Changed 0


AntiLeech Plugin Adware (General) more information...
Details: Plugin is an Ad-Ware software which enables the broadcasting of advertisements, and execution of e-commerce and other internet related services on the user-interface of the software.
Status: Ignored

Infected files detected
c:\program files\anti-leech\alie_1.0.1.6\alie.dll
c:\program files\anti-leech\alie_1.0.1.6\al2np.dll
c:\program files\anti-leech\alie_1.0.1.6\alhlp.exe
c:\program files\anti-leech\alie_1.0.1.6\alie.inf
c:\program files\anti-leech\alie_1.0.1.6\iesetup2.exe

Infected registry entries detected
HKEY_CLASSES_ROOT\AntiLeech.ALIE.1
HKEY_CLASSES_ROOT\AntiLeech.ALIE.1\CLSID {056738EE-E15C-11D6-B876-0050BF5D85C7}
HKEY_CLASSES_ROOT\AntiLeech.ALIE.1 Anti-Leech Plug-in
HKEY_CLASSES_ROOT\AntiLeech.ALIE
HKEY_CLASSES_ROOT\AntiLeech.ALIE\CLSID {056738EE-E15C-11D6-B876-0050BF5D85C7}
HKEY_CLASSES_ROOT\AntiLeech.ALIE\CurVer AntiLeech.ALIE.1
HKEY_CLASSES_ROOT\AntiLeech.ALIE Anti-Leech Plug-in
HKEY_CLASSES_ROOT\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7}
HKEY_CLASSES_ROOT\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7}\InprocServer32 C:\PROGRA~1\ANTI-L~1\ALIE_1~1.6\alie.dll
HKEY_CLASSES_ROOT\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7}\ProgID AntiLeech.ALIE.1
HKEY_CLASSES_ROOT\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7}\TypeLib {056738E1-E15C-11D6-B876-0050BF5D85C7}
HKEY_CLASSES_ROOT\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7}\VersionIndependentProgID AntiLeech.ALIE
HKEY_CLASSES_ROOT\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7} Anti-Leech Plug-in
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-Leech ALIE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-Leech ALIE DisplayName Anti-Leech Plugin for Internet Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-Leech ALIE UninstallString C:\Program Files\Anti-Leech\ALIE_1.0.1.6\iesetup2.exe uninstall


WinShadow Commercial Remote Control Tool more information...
Details: WinShadow is a remote desktop tool.
Status: Ignored


Marketscore.RelevantKnowledge Adware (General) more information...
Status: Ignored

Infected files detected
c:\windows\system32\rlls.dll


WhenU.WhenUSearch Low Risk Adware more information...
Details: WhenU.WhenUSearch is a desktop search toolbar that displays links to advertised offers in response to users' surfing behavior and opens paid search results when users perform searches through the toolbar's search mechanism.
Status: Ignored

Infected files detected
c:\program files\common files\whenu\ucontrolscanandremove.ocx

Infected registry entries detected
HKEY_CLASSES_ROOT\WUSE.1
HKEY_CLASSES_ROOT\WUSE.1 WUSE_Id
HKEY_CLASSES_ROOT\WUSN.1
HKEY_CLASSES_ROOT\WUSN.1 WUSN_Id
HKEY_CLASSES_ROOT\Interface\{BEAE14DB-A12A-442D-BF77-4644E3661211}
HKEY_CLASSES_ROOT\Interface\{BEAE14DB-A12A-442D-BF77-4644E3661211}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{BEAE14DB-A12A-442D-BF77-4644E3661211}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{BEAE14DB-A12A-442D-BF77-4644E3661211}\TypeLib {5B061650-38AE-49B4-9F5D-35396B2CEFF5}
HKEY_CLASSES_ROOT\Interface\{BEAE14DB-A12A-442D-BF77-4644E3661211}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{BEAE14DB-A12A-442D-BF77-4644E3661211} UControlScanner


Claria.Gator.eWallet Adware (General) more information...
Details: Claria's Gator eWallet is an ad supported program that can automatically fill in passwords and other form-elements on Web pages.
Status: Ignored

Infected files detected
c:\windows\gatorgaininstaller.log


GimmeWeb Toolbar more information...
Details: GimmeWeb is an Internet Explorer toolbar. It displays popup ads depending upon your surfing behavior.
Status: Ignored

Infected registry entries detected
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN iexplore.exe 1

18.09.2006, 01:51   #7
anhanna

Trojan horse "TR/Dldr.Baido"

... and here is the HijackThis log: (is it normal for these to be so long???)

Logfile of HijackThis v1.99.1
Scan saved at 3:47:13 PM, on 9/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\USBToolbox\Res.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
D:\adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
D:\adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
D:\adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
D:\adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\HiJack This\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll (file missing)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - d:\adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\downlo~1\CnsHook.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - d:\adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [KAVRun] D:\KAV6\KAVRun.EXE
O4 - HKLM\..\Run: [Kulansyn] D:\KAV6\Kulansyn.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [USB Storage Toolbox] d:\Program Files\USBToolbox\Res.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RavTimeXP] C:\WINDOWS\Mstray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "D:\adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "d:\adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [EM_EXEC] C:\Program Files\Logitech\MouseWare\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [] C:\Program Files\Internet Explorer\SVCHOST1.EXE
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = %SystemRoot%\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://d:\adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://d:\adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://d:\adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://d:\adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://d:\adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://d:\adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://d:\adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://d:\adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: 添加到雅虎订阅(&Y) - res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yrss.dll/YRSSMENUEXT
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra button: Yahoo 1G mail - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail (file missing)
O9 - Extra button: E bazar - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=taobao (file missing)
O9 - Extra button: Yahoo Assistant - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist (file missing)
O9 - Extra button: ?e¨|??á??? - {8DE0FCD4-5EB5-11D3-AD25-00002100131B} - url:http://www.joyo.com (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ?e¨|??????¨a??? - {e1fc9760-7b95-49cd-80b9-8c9e41017b93} - url:http://www.duba.net (file missing)
O9 - Extra button: Instant Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - Extra 'Tools' menuitem: Repair Browser - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - Extra button: ?¨2??2¨|?? - {f58d36c3-40be-4418-a786-d8fbe3eb3554} - D:\KAV6\kavie.htm (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O9 - Extra 'Tools' menuitem: Clean Internet access record - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O11 - Options group: [!CNS] Chinese keywords
O17 - HKLM\System\CCS\Services\Tcpip\..\{73CB8D0D-F345-48F7-8AC9-A8ACC2E0D6B2}: NameServer = 202.106.46.151 202.106.0.20
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - D:\adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

18.09.2006, 08:33   #8
BataAlexander
> MalwareDB

Trojan horse "TR/Dldr.Baido"

Hello,

1) Download Cleanup and run it as described.

2) Now delete the following files using Killbox (delete on reboot):

c:\WINDOWS\Downloaded Program Files\CnsMin.dll
c:\WINDOWS\Downloaded Program Files\CnsMinIO.dll
c:\WINDOWS\Downloaded Program Files\cnsio.dll
c:\WINDOWS\Downloaded Program Files\CnsHook.dll
c:\windows\system32\cns.dll
c:\windows\system32\cns.exe
c:\windows\system32\drivers\cnsminkp.sys
c:\windows\downloaded program files\keepmain.dll
c:\windows\downloaded program files\sms.ico
c:\windows\downloaded program files\taobao.ico
c:\windows\system32\cns.dat
C:\WINDOWS\Downloaded Program Files\zsmod.dll
C:\Documents and Settings\Microsoft\Local Settings\Temporary Internet Files\Content.IE5\AJ2K4QH2\CnsMinUpM[1].cab
C:\Documents and Settings\Microsoft\Local Settings\Temporary Internet Files\Content.IE5\AJ2K4QH2\CnsMinExM[1].cab
C:\Documents and Settings\Microsoft\Local Settings\Temporary Internet Files\Content.IE5\8L6BOXMV\cnsdtu[1].cab
c:\windows\system32\rlls.dll
c:\windows\gatorgaininstaller.log
c:\program files\instant access (entire folder)
c:\program files\common files\whenu (entire folder)
c:\program files\anti-leech (entire folder)

3) Turn off System Restore

4) Now restart the computer; System Restore can be switched back on

5) Download RegSeeker, choose the option "clean the registry", let it scan, and then select the green entries. Now press "Del".

6) Run an online scan and post the log here.

Regards

Schrulli
__________________
If every computer is running a diverse ecosystem, crackers will have
no choice but to resort to small-scale, targeted attacks, and the
days of mass-market malware will be over
[...].
Stuart Udall

Last edited by Schrulli (18.09.2006 at 08:39)
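A small triage helper, added here as an example (it is not part of the thread, of HijackThis or of any of the tools named above), that ties the two posts together: it parses HijackThis-style O2/O4/O11/O17 lines and flags every entry that loads a file from the Killbox removal list in the reply, plus the configured DNS servers so they can be confirmed. The sample log lines and the file list are taken from the posts; the section layout assumed by the regexes and the `Finding` structure are my own.

```python
import re
from dataclasses import dataclass

# Constructed sample input: a few lines copied from the HijackThis log posted
# in this thread (the real log is much longer); raw string keeps the backslashes.
HJT_SAMPLE = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\downlo~1\CnsHook.dll
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O11 - Options group: [!CNS] Chinese keywords
O17 - HKLM\System\CCS\Services\Tcpip\..\{73CB8D0D-F345-48F7-8AC9-A8ACC2E0D6B2}: NameServer = 202.106.46.151 202.106.0.20
"""

# File names from the Killbox removal list in the helper's reply, lower-cased.
REMOVAL_LIST = {
    "cnsmin.dll", "cnsminio.dll", "cnsio.dll", "cnshook.dll", "cns.dll", "cns.exe",
    "cnsminkp.sys", "keepmain.dll", "zsmod.dll", "cns.dat", "rlls.dll",
}

LINE_RE = re.compile(r"^(O\d+) - (.*)$")          # e.g. "O4 - HKLM\..\Run: [...] ..."
# Basename of anything that looks like a binary or data file inside an entry.
FILE_RE = re.compile(r'[^\s\\/",\[\]]+\.(?:dll|exe|sys|dat|ocx)\b', re.IGNORECASE)


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O4"
    reason: str    # why the entry was flagged
    line: str      # the original log line


def parse_hjt(text):
    """Return (section, body, full_line) for every HijackThis entry in text."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2), raw.strip()))
    return entries


def triage(text, removal_list=REMOVAL_LIST):
    """Flag entries loading a file from the removal list, any extra IE
    Advanced Options group (O11), and the configured DNS servers (O17)."""
    findings = []
    for section, body, line in parse_hjt(text):
        names = {n.lower() for n in FILE_RE.findall(body)}
        hits = sorted(names & removal_list)
        if hits:
            findings.append(Finding(section, "loads file on removal list: " + ", ".join(hits), line))
        elif section == "O11":
            findings.append(Finding(section, "extra IE Advanced Options group, review", line))
        elif section == "O17":
            servers = body.split("NameServer = ", 1)[-1].split()
            findings.append(Finding(section, "DNS servers to confirm: " + ", ".join(servers), line))
    return findings


if __name__ == "__main__":
    for f in triage(HJT_SAMPLE):
        print(f"{f.section}: {f.reason}\n    {f.line}")
```

Entries that only reference well-known software (the Adobe BHO, avgnt.exe, ctfmon.exe in the sample) produce no finding; the O17 line is reported for confirmation rather than as malicious, since the reply does not treat the name servers as part of the infection.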

20.09.2006, 02:48   #9
anhanna

Trojan horse "TR/Dldr.Baido"

Hello Schrulli!
I did everything just as you wrote, except for the online scan. It needs Internet Explorer, which I (sensibly enough) uninstalled at some point (at least I think so), because I always work with Mozilla. At any rate, the site says sorry and does nothing when I click the scan.
But otherwise AntiVir no longer gives me any alerts, and neither does CounterSpy.
Also, for ages an error message had been appearing after every boot, and it no longer shows up either. So all of this clearly did accomplish something!
Many thanks,
Hanna
